By matthiasrohr
Application security threat modeling plugin. Provides AppSec-focused agents and skills for threat modeling, STRIDE analysis, dependency scanning, QA review, and security context resolution.
INTERNAL — invoked by appsec-threat-analyst in Phase 10c, one agent per abuse-case candidate (parallel fan-out like the Phase-9 STRIDE dispatch). Verifies a single abuse case end-to-end against the codebase: per chain step it locates the entry point, traces the sink, checks for compensating controls, and emits a step verdict ∈ {confirmed, blocked, inconclusive}. Writes one .abuse-case-verdict-<AC-ID>.json. Never rates risk — the chain verdict is computed deterministically from these step verdicts.
INTERNAL — invoked by appsec-threat-analyst at Phase 2.7 (after config-iac-scan, before architecture modeling). Performs LLM-based actor discovery: confirms relevance of static actor library entries and proposes additional repo-specific actors. Writes .actors-discovered.json. Skipped in quick-mode.
INTERNAL — invoked by the create-threat-model skill as Stage 4 when --architect-review is set. Performs an architect-level review of threat-model.md, threat-model.yaml, and the Management Summary. Writes narrative findings to $OUTPUT_DIR/.architect-review.md and a structured status signal to $OUTPUT_DIR/.architect-status.json; when technical defects are found (broken Mermaid, missing per-Critical walkthrough, §7.3 missing per-flow blocks, etc.) also writes $OUTPUT_DIR/.architect-repair-plan.json so the skill can re-render from fragments. Never edits the threat model directly.
INTERNAL — invoked by appsec-threat-analyst during Phase 2.5 (after recon, before STRIDE fan-out). Scans Dockerfile, GitHub Actions workflows, docker-compose, Dependabot/Renovate config, and npm/package config against data/config-iac-checks.yaml and emits one finding per violated check.
INTERNAL — invoked by appsec-threat-analyst. Resolves repository context from an optional REST endpoint, docs/business-context.md, and a prioritized set of common repository files (security policy, architecture docs, ADRs, OpenAPI specs, deployment configs, data model, env templates). Writes the combined context to docs/security/.threat-modeling-context.md for use by all other agents in the assessment pipeline.
Audit the current repository against a security requirements catalog and verify whether each requirement is implemented. Requirement IDs follow your catalog's own naming scheme (e.g. SEC-CSP-1, SCG-HARDENXML, or anything your YAML defines); tagging code with those IDs is optional and not required. Prints open requirements to the conversation with color-coded status and concise evidence. Optionally saves Markdown/PDF reports. With --json or --gate it also persists a deterministic structured verdict (.requirements-audit.json) and can act as a CI gate.
Preflight the Claude Code permission allow-list for the AppSec plugin. Reports which Bash/Write/Edit/Read rules from data/required-permissions.yaml are missing from the user's settings.json, so unattended /appsec-advisor:create-threat-model runs do not block on prompts. Read-only by default; --update merges missing entries into a chosen scope.
Remove stale run-state files left behind by a crashed or abruptly terminated threat-model assessment. Refuses to clean when an active run is still holding the lock. Use when the Claude Code UI shows the threat-modeling skill as "scanning" forever after a session crash.
Perform a threat assessment of a repository and produce a threat-model.md. Supports --repo to analyze external repos and --output to set the output directory. Optionally also writes threat-model.yaml with --yaml flag.
Maintainer/dev skill that triages an anonymised diagnostic bundle (appsec-diag-*.tgz, produced by scripts/diagnostic_bundle.py) a user sent after a pipeline failure. Runs the deterministic inspect, then cross-references the plugin source (scripts/, agents/phases/, AGENTS.md) and known-bug history to produce a grounded root-cause hypothesis. Does NOT re-run the pipeline and never needs the user's repo.
Matches all tools
Hooks run on every tool call, not just specific ones
Uses power tools
Uses Bash, Write, or Edit tools
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
⚠️ Beta — not production ready.
appsec-advisoris under active development. Interfaces, schemas, and output may change without notice.
appsec-advisor is a Claude Code plugin for repository-based threat modeling. It derives a security architecture model from code, identifies trust boundaries and data flows, applies STRIDE, and produces reviewable findings.
It also supports requirements audits, change reviews, prompt-time security guidance, and CI gates. AppSec teams can supply their own requirements, threat context, presets, and guardrails.
Model compatibility. The plugin runs on the latest Anthropic models and is tuned for Sonnet 5, but the defaults favor economy: the token-intensive majority of the work runs on the cheaper Sonnet-4.6, and Sonnet-5 is applied by default only to the stages where its stronger reasoning is worth the added cost. You can pin any agent to a specific model (e.g. claude-sonnet-5, claude-sonnet-4-6), and the scan prints the model for every agent at start. See Session Model.
Threat models created during workshops or design reviews become stale as the implementation changes.
Most automated security tooling focuses on implementation issues such as vulnerable dependencies, insecure code patterns, secrets, and misconfigurations. It rarely explains architecture-level risk: missing trust-boundary controls, implicit service trust, unauthenticated internal data paths, or unclear control ownership.
appsec-advisor covers the gap between code scanning and manual architecture review.
The threat modeler treats the repository as the primary evidence source for security architecture review.
Code-based architecture model: Architecture, trust boundaries, and data flows come from the current repository.
Structured output: Findings pass through schemas, validation, and fixed report templates.
Organization context: Requirements, known threats, and related services can be included in the analysis.
Diff-based reruns: Findings keep stable IDs across runs, so a rescan shows what actually moved since the last one.
Architecture review: The analysis covers trust boundaries, service trust, and unauthenticated paths that code scanners often miss.
The output is a starting point for security review, not a release verdict. An AppSec engineer or security architect should validate findings before they drive remediation, exceptions, or risk acceptance.
appsec-advisor is intended for internal enterprise security review workflows.
AppSec and security architecture teams own the plugin configuration, defaults, templates, and review policy. Engineering teams run threat models during design work, review preparation, major changes, or release readiness checks, and use the requirements audit and developer helpers for ongoing compliance checks and change review.
[!IMPORTANT] Treat any repository you scan as untrusted input. Its contents flow into the LLM, so a repo can attempt prompt injection. Because the default Bash allow-list still contains general-purpose interpreters (
python3,awk,sed), a successful injection can escalate into local command execution. For third-party or vendor code, run with--trust-mode untrustedinside a container or VM. Details in SECURITY.md: Known issues.
What leaves your machine. Only the source, manifests, and config of the components under analysis, never the whole repo. Secrets surfaced in recon output are masked. The plugin needs api.anthropic.com and cannot run air-gapped; cached prompt segments live on Anthropic infrastructure for the cache TTL.
How the report is produced. Python renders the final report from validated structured data. Publishing is blocked when the secret scan finds an unmasked secret.
Use the following setup for the threat modeler, requirements audit, and developer tools.
npx claudepluginhub matthiasrohr/appsec-advisorRepository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Trigger only when the user explicitly asks to threat model a codebase or path, enumerate threats/abuse paths, or perform AppSec threat modeling. Do not trigger for general architecture summaries, code review, or non-security design work. Originally from OpenAI's curated skills catalog.
Security skills for vibe coding — pre-coding security assessment, code vulnerability review, and threat modeling. Works without any MCP server or Jira/Confluence setup.
AI-powered whitebox penetration testing plugin for Claude Code. 9 languages, 27 skills, 8 autonomous agents. STRIDE threat modeling, hotspot-aware findings, SARIF output, and polyglot monorepo support.
A team of AI security specialists embedded in your coding workflow. 8 agents covering every phase of the Secure SDLC: requirements, threat modelling, code review, IaC security, compliance, and release gating. Works with Claude Code, Cursor, Windsurf, and any MCP-compatible tool.
Automated OWASP security checks — Web Top 10:2025, LLM Top 10:2025, API Security Top 10:2023
Agentic-Security is a powerful Claude Code plugin that automatically performs Application Security Testing (SAST, SCA, secrets detection, and more). Think of it as the easy button for making your Claude-generated code safe and secure.